Last Call Review of draft-ietf-opsec-lla-only-07
review-ietf-opsec-lla-only-07-secdir-lc-inacio-2014-04-03-00
Request | Review of | draft-ietf-opsec-lla-only |
---|---|---|
Requested revision | No specific revision (document currently at 11) | |
Type | Last Call Review | |
Team | Security Area Directorate (secdir) | |
Deadline | 2014-04-07 | |
Requested | 2014-03-27 | |
Authors | Michael H. Behringer , Éric Vyncke | |
I-D last updated | 2014-04-03 | |
Completed reviews |
Genart Last Call review of -07
by Peter E. Yee
(diff)
Genart Telechat review of -10 by Peter E. Yee (diff) Secdir Last Call review of -07 by Christopher Inacio (diff) Opsdir Last Call review of -07 by Suzanne Woolf (diff) |
|
Assignment | Reviewer | Christopher Inacio |
State | Completed | |
Request | Last Call review on draft-ietf-opsec-lla-only by Security Area Directorate Assigned | |
Reviewed revision | 07 (document currently at 11) | |
Result | Has nits | |
Completed | 2014-04-03 |
review-ietf-opsec-lla-only-07-secdir-lc-inacio-2014-04-03-00
I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. Overall impression is that this is a well written draft, and I didn’t particularly notice any editorial comments, although I wasn’t focused on that. The entire draft is dedicated to an informational router configuration that encourages using link local addressing on the non-public facing router interfaces. The draft, as a whole does a good job describing and referencing previous work on configuration and mitigation strategies to encourage a more secure configuration. My only feedback is that the Security Considerations section might also include a sentence referencing all of the other RFC’s and guidance previously mentioned in the document: For additional security considerations, as previously stated, see also: [RFC5837], [I-D.ietf-opsec-bgp-security]. and possible a statement saying that all other previous recommendations for control plane security, etc. I do understand if this recommendation is not acted upon, it is difficult to summarize an entire document which is about configuration for security into a single concise paragraph at the end of the document. regards, -- Chris Inacio inacio at cert.org